Blog

By Amy Hogan-Burney, Corporate Vice President, Customer Security & Trust  

In 80% of the cyber incidents Microsoft’s security teams investigated last year, attackers sought to steal data—a trend driven more by financial gain than intelligence gathering. According to the latest Microsoft Digital Défense Report, written with our Chief Information Security Officer Igor Tsyganskiy, over half of cyberattacks with known motives were driven by extortion or ransomware. That’s at least 52% of incidents fuelled by financial gain, while attacks focused solely on espionage made up just 4%. Nation-state threats remain a serious and persistent threat, but most of the immediate attacks organizations face today come from opportunistic criminals looking to make a profit.
 
Every day, Microsoft processes more than 100 trillion signals, blocks approximately 4.5 million new malware attempts, analyses 38 million identity risk detections, and screens 5 billion emails for malware and phishing. Advances in automation and readily available off-the-shelf tools have enabled cybercriminals—even those with limited technical expertise—to expand their operations significantly. The use of AI has further added to this trend with cybercriminals accelerating malware development and creating more realistic synthetic content, enhancing the efficiency of activities such as phishing and ransomware attacks. As a result, opportunistic malicious actors now target everyone—big or small—making cybercrime a universal, ever-present threat that spills into our daily lives.
 
In this environment, organizational leaders must treat cybersecurity as a core strategic priority—not just an IT issue—and build resilience into their technology and operations from the ground up. In our sixth annual Microsoft Digital Defence Report, which covers trends from July 2024 through June 2025, we highlight that legacy security measures are no longer enough; we need modern defences leveraging AI and strong collaboration across industries and governments to keep pace with the threat. For individuals, simple steps like using strong security tools—especially phishing-resistant multifactor authentication (MFA)—makes a big difference, as MFA can block over 99% of identity-based attacks. Below are some of the key findings.
 
 

 
Critical services are prime targets with a real-world impact.
 
Malicious actors remain focused on attacking critical public services—targets that, when compromised, can have a direct and immediate impact on people’s lives. Hospitals and local governments, for example, are all targets because they store sensitive data or have tight cybersecurity budgets with limited incident response capabilities, often resulting in outdated software. In the past year, cyberattacks on these sectors had real-world consequences, including delayed emergency medical care, disrupted emergency services, cancelled school classes, and halted transportation systems.
 
Ransomware actors in particular focus on these critical sectors because of the targets’ limited options. For example, a hospital must quickly resolve its encrypted systems, or patients could die, potentially leaving no other recourse but to pay. Additionally, governments, hospitals, and research institutions store sensitive data that criminals can steal and monetize through illicit marketplaces on the dark web, fuelling downstream criminal activity. Government and industry can collaborate to strengthen cybersecurity in these sectors—particularly for the most vulnerable. These efforts are critical to protecting communities and ensuring continuity of care, education, and emergency response.
 
Nation-state actors are expanding operations.
 
While cybercriminals are the biggest cyber threat by volume, nation-state actors still target key industries and regions, expanding their focus on espionage and, in some cases, on financial gain. Geopolitical objectives continue to drive a surge in state-sponsored cyber activity, with a notable expansion in targeting communications, research, and academia.
 

 
Key insights:

• China is continuing its broad push across industries to conduct espionage and steal sensitive data. State-affiliated actors are increasingly attacking non-governmental organizations (NGOs) to expand their insights and are using covert networks and vulnerable internet-facing devices to gain entry and avoid detection. They have also become faster at operationalizing newly disclosed vulnerabilities.
• Iran is going after a wider range of targets than ever before, from the Middle East to North America, as part of broadening espionage operations. Recently, three Iranian state-affiliated actors attacked shipping and logistics firms in Europe and the Persian Gulf to gain ongoing access to sensitive commercial data, raising the possibility that Iran may be pre-positioning to have the ability to interfere with commercial shipping operations.
• Russia, while still focused on the war in Ukraine, has expanded its targets. For example, Microsoft has observed Russian state-affiliated actors targeting small businesses in countries supporting Ukraine. In fact, outside of Ukraine, the top ten countries most affected by Russian cyber activity all belong to the North Atlantic Treaty Organization (NATO)—a 25% increase compared to last year. Russian actors may view these smaller companies as possibly less resource-intensive pivot points they can use to access larger organizations. These actors are also increasingly leveraging the cybercriminal ecosystem for their attacks.
• North Korea remains focused on revenue generation and espionage. In a trend that has gained significant attention, thousands of state-affiliated North Korean remote IT workers have applied for jobs with companies around the world, sending their salaries back to the government as remittances. When discovered, some of these workers have turned to extortion as another approach to bringing in money for the regime.

The cyber threats posed by nation-states are becoming more expansive and unpredictable. In addition, the shift by at least some nation-state actors to further leveraging the cybercriminal ecosystem will make attribution even more complicated. This underscores the need for organizations to stay abreast of the threats to their industries and work with both industry peers and governments to confront the threats posed by nation-state actors.
 
2025 saw an escalation in the use of AI by both attackers and defenders.
 
Over the past year, both attackers and defenders harnessed the power of generative AI. Threat actors are using AI to boost their attacks by automating phishing, scaling social engineering, creating synthetic media, finding vulnerabilities faster, and creating malware that can adapt itself. Nation-state actors, too, have continued to incorporate AI into their cyber influence operations. This activity has picked up in the past six months as actors use the technology to make their efforts more advanced, scalable, and targeted.
 

 
For defenders, AI is also proving to be a valuable tool. Microsoft, for example, uses AI to spot threats, close detection gaps, catch phishing attempts, and protect vulnerable users. As both the risks and opportunities of AI rapidly evolve, organizations must prioritize securing their AI tools and training their teams. Everyone—from industry to government—must be proactive to keep pace with increasingly sophisticated attackers and to ensure that defenders keep ahead of adversaries.
 
Adversaries aren’t breaking in; they’re signing in.
 
Amid the growing sophistication of cyber threats, one statistic stands out: more than 97% of identity attacks are password attacks. In the first half of 2025 alone, identity-based attacks surged by 32%. That means the vast majority of malicious sign-in attempts an organization might receive are via large-scale password guessing attempts. Attackers get usernames and passwords (“credentials”) for these bulk attacks largely from credential leaks.
 
However, credential leaks aren’t the only place where attackers can obtain credentials. This year, we saw a surge in the use of infostealer malware by cybercriminals. Infostealers can secretly gather credentials and information about your online accounts, like browser session tokens, at scale. Cybercriminals can then buy this stolen information on cybercrime forums, making it easy for anyone to access accounts for purposes such as the delivery of ransomware.
 
Luckily, the solution to identity compromise is simple. The implementation of phishing-resistant multifactor authentication (MFA) can stop over 99% of this type of attack even if the attacker has the correct username and password combination. To target the malicious supply chain, Microsoft’s Digital Crimes Unit (DCU) is fighting back against the cybercriminal use of infostealers. In May, the DCU disrupted the most popular infostealer—–Lumma Stealer—alongside the US Department of Justice and Europol.
 
Moving forward: Cybersecurity is a shared defensive priority.
 
As threat actors grow more sophisticated, persistent, and opportunistic, organizations must stay vigilant, continually updating their defenses and sharing intelligence. Microsoft remains committed to doing its part to strengthen our products and services via our Secure Future Initiative. We also continue to collaborate with others to track threats, alert targeted customers, and share insights with the broader public when appropriate.
 
However, security is not only a technical challenge but a governance imperative. Defensive measures alone are not enough to deter nation-state adversaries. Governments must build frameworks that signal credible and proportionate consequences for malicious activity that violates international rules. Encouragingly, governments are increasingly attributing cyberattacks to foreign actors and imposing consequences such as indictments and sanctions. This growing transparency and accountability are important steps toward building collective deterrence. As digital transformation accelerates—amplified by the rise of AI—cyber threats pose risks to economic stability, governance, and personal safety. Addressing these challenges requires not only technical innovation but coordinated societal action.

Good morning. Donald Trump said Prime Minister Narendra Modi has pledged that India would stop buying Russian oil. India responded with a measured statement, making no such promises but offering to expand procurement from the US. Does this mean a trade deal is nowhere near? Tell me what you think.

The festival season is in full swing, with gift laden cars causing traffic snarls in all big cities. I am running away to quiet(er) Kerala to celebrate with my family. We will not have an edition of this newsletter on Tuesday, October 21. Wishing you love and light and all things sweet this Deepavali. 

---

Alphabet AI

Google will invest $15bn over the next five years to build an AI data centre in India. Set up in Visakhapatnam, the 1GW unit is built in partnership with India’s Adani Group and Airtel. The choice of the southern port city as a location, while unusual, is strategic as the data centre will connect to 15 countries across the world — including Australia, Singapore and Malaysia — via subsea cable.

This unit is expected to create more than 6,000 direct jobs, and follows other US tech giants such as Amazon and Microsoft, who are investing $6.8bn and $3bn in Indian data centres. 

The investment is a big win for Andhra Pradesh, which has a target of developing 6GW of data centre capacity in the next four years. Thus far, the states of Maharashtra, Tamil Nadu and Telangana had cornered most of the business, with the local governments offering duty waivers on electricity consumption and generous land subsidies. For Google, the Andhra Pradesh government lobbied heavily to iron out regulatory issues, especially to avoid applying Indian laws to the data being processed offshore. Google was also, understandably, wary of India’s proclivity for retrospective taxation. 

Corporations, as well as the administration, are betting big on data centres. While India generated about 20 per cent of global data, it has only 3 per cent of data centre capacity. Multinational companies have been the biggest investors so far, but large Indian companies are also now beginning to show up with big cheques. Last week, Tata Consultancy Services chief executive K Krithivasan said the company plans to invest $6.5bn over the next six years to build 1GW in data centre capacity. 

However, even as states fall over themselves to attract investments, what is lacking is a clear policy on how to mitigate the environmental damage these large centres are capable of. Although the new centres are pivoting towards renewables for energy generation, they still place significant strain on the grid. Water is an even more serious problem. Data centres use more water than they replenish, even if alternatives such as aircooled chillers are used to stop equipment from overheating. States like Andhra Pradesh are already prone to droughts and a massive data centre will only make this situation worse.

I’m not arguing that India shouldn’t be allowing these investments, but that it is imperative that a national policy on resource usage be drawn up at this early stage, so that problems can be mitigated before they become catastrophes. Neither the central government nor the regional states have prioritised this. A man versus technology conflict is inevitable — but without any safeguards, it will arrive sooner rather than later. 

Do you think India should have an environment and resource policy ready for data centre investments? Hit reply or email me at indiabrief@ft.com

For more on AI, sign up for The AI Shift: John Burn-Murdoch and Sarah O’Connor explore how the technology is transforming the world of work in our new weekly newsletter.

Recommended stories

1. The FT investigates how the Trump companies made $1bn from crypto. 

2. Banks caution over the bubble in financial markets.

3. The US revoked visas of six people who “celebrated” Charlie Kirk’s death.

4. Morgan Stanley has overtaken rival Goldman Sachs in equities trading.

5. How high-end restaurants went global.

Silver bullet

All that glitters is not gold — because it’s silver. The sudden escalation in demand has resulted in a strange phenomenon in the Indian markets, where silver funds are quoting at a massive premium to the already record high prices as they struggle to acquire physical stocks of the asset.

On Wednesday, Tata Mutual Fund became the fifth fund house to temporarily suspend new investments into their silver-backed exchange traded fund, joining HDFC, ICICI and others. Even in the domestic metal market, silver is trading at a premium of about 10 per cent over its global rate. In London, silver touched a record high of $53 per ounce this week, an 85 per cent gain this year.

The surge in demand for silver is driven by two factors. One, it is seen as a proxy for gold, which is also trading at a record high of $4,179 an ounce. This month, the wedding season in India is also a contributor to global prices, as customers switch to wearing silver since gold is so prohibitively expensive now. Two, its use has significantly increased in industries such as electronics and solar panels.

Despite this sharp run up, most analysts are bullish about silver prices in the medium term. Brokerage house Motilal Oswal has a target of $75 an ounce for 2026, even though they think prices will consolidate around $50-55 in the near term. Industrial use accounts for almost 60 per cent of silver output and this is unlikely to ease off in a hurry, even if the more price-sensitive segment — jewellery consumption — softens. 

Even though gold grabbed the headlines, inflows into silver funds have also been strong, with investments in Indian ETFs growing 60 per cent this year. Silver’s popularity as the au courant asset is best illustrated by the fact that in the last couple of months, even “finfluencers” have been extolling their followers to get into this game. By stopping new inflows, fund houses have stopped new investors from participating in this rally — but also protected them from paying an inflated value for the metal. These funds will reopen only when the availability of physical silver becomes easier. But the situation is unlikely to improve, with India just one of several countries in the global race for precious metals and minerals. It will be difficult to get a piece of this action anytime soon, no matter what our favourite influencer tells us. 

Go figure

Vehicle sales were the biggest beneficiary of the cuts in India’s goods and services tax. The new taxes took effect on September 22, after Modi promised households a $28bn bounty from what he dubbed the “GST Savings Festival”.

Read, hear, watch

It’s been (yet another) busy week and I haven’t been able to read or watch very much. However, I did enjoy this episode of The Daily, an interview with three puzzle editors from the New York Times. I do the mini crossword, aim for genius on the Spelling Bee most days, and solve the main crossword four or five times a week, with diminishing success. I abandoned Wordle after losing my streak. But Connections really makes me want to hurl my phone at a wall.

Do you have a favourite? Write to me. And thank you for the show recommendations last week.

Buzzer round

The global popularity of which product has sent Japanese farmers into a tizzy as they struggle to keep up with demand?

Send your answer to indiabrief@ft.com and check Tuesday’s newsletter to see if you were the first one to get it right.

Quick answer

On Tuesday, we asked if India was right in pursuing diplomatic engagement with the Taliban. Here are the results. Some 62 per cent of you think it is. I was betting on a more even split!

---

Thank you for reading. India Business Briefing is edited by Tee Zhuo. Please send feedback, suggestions (and gossip) to indiabrief@ft.com.